For clarity, API Seer’s engagement policy is intentionally designed to reduce risk, ensure compliance, and provide clarity from the outset. It defines who we work with, where we operate, and how we engage with APIs, and forms a non-negotiable condition of engagement.
All commercial data processing arrangements, and service deliveries are governed by UK law, with UK jurisdiction applying.
UK-Based Clients
API Seer works primarily with UK-based entities. This deliberate restriction provides:
✅ Clear legal jurisdiction and contractual enforceability
✅ Alignment with UK GDPR and UK data protection expectations
✅ Reduced regulatory ambiguity
✅ Predictable governance, auditability, and dispute resolution
This approach enables consistent assurance standards and simplifies engagement for procurement, legal, and compliance teams.
Data Residency & Infrastructure
Where client data is involved, services are delivered using UK-hosted infrastructure, with data processed and retained within the UK. This supports data sovereignty expectations and minimises cross-border data transfer risk.
Global APIs
While our clients are UK-based, the APIs we work with may be located anywhere in the world. API Seer routinely engages with APIs operated by international platforms and organisations.
Such engagements are permitted provided that:
✅ Access is authorised
✅ Client credentials are used
✅ Data accessed is data the client is entitled to receive
✅ API terms, controls, and rate limits are respected
In all cases, API Seer acts as a legitimate, authorised API consumer and data processor on behalf of a UK client.
Exceptions
By exception, and at API Seer’s sole discretion, we may choose to engage with non-UK entities. Any such engagement is assessed individually and subject to additional scrutiny around jurisdiction, data handling, and contractual enforceability.
Exceptions do not alter our standard operating model. They are decisions made by API Seer, not service options, and should not be assumed.
Assurance
As a data processor, API Seer acts on behalf of its clients to:
✅ Make authorised API calls only
✅ Use client-owned credentials
✅ Access only data the client is entitled to receive
✅ Respect authentication, rate limits, and access controls
✅ Operate with explicit client permission and contractual authority
We automate only lawful interactions that an authorised user or system could perform manually, and analyse permitted responses over time.
Requests to bypass these principles or operate outside compliant use will not be accepted.
Condition of Engagement
This policy is not a marketing statement; it is a condition of engagement. Clients seeking to operate outside these principles, or to request exceptions as a matter of convenience, should not expect API Seer to proceed.